Keyblind – encrypted secrets vault that hides API keys from AI agents Keyblind launched an encrypted secrets vault that prevents AI agents from exposing API keys, passwords, and tokens during coding sessions. The tool resolves secrets at runtime so plaintext values never appear in LLM conversation transcripts, addressing the 100,000+ leaked credentials found indexed by search engines in 2025. Keyblind integrates with any MCP-compatible editor including Claude Code, Cursor, and Copilot, and supports local SQLite, 1Password, and Bitwarden backends with zero network traffic. Encrypted secrets vault with MCP for AI agents. Secrets resolved at runtime, never leaked to LLM conversations. Developers regularly leak API keys, passwords, and tokens to AI coding tools. 100,000+ LLM conversations with exposed secrets were found indexed by search engines in 2025. AI agents read your .env files. They copy-paste secrets into conversations. They commit them accidentally. Keyblind stops this by keeping secrets encrypted at rest and resolving them at runtime — the plaintext value never touches the LLM transcript. ┌──────────┐ ┌────────────────┐ ┌─────────────────┐ │ AI Agent │ ──→ │ Keyblind MCP │ ──→ │ Encrypted │ │ Claude │ │ Server │ │ SQLite Vault │ │ │ ←── │ 6 tools │ ←── │ AES-256-GCM │ └──────────┘ └────────────────┘ └─────────────────┘ ↑ │ │ secret value never appears │ secrets never │ in conversation transcript │ stored in plaintext Install npm i -g keyblind Initialize your vault keyblind init Store secrets echo "sk-proj-abc123" | keyblind set OPENAI API KEY keyblind set DATABASE URL - prompts securely Sandbox your .env AI agents see fakes keyblind sandbox Resolve a secret keyblind get OPENAI API KEY Run commands with secrets injected as env vars keyblind run -- npm start List all secrets names only keyblind list Keyblind is MCP-first — it works with every AI tool that speaks the Model Context Protocol: Claude Code — add to .mcp.json : { "mcpServers": { "keyblind": { "command": "npx", "args": "keyblind", "start" } } } Cursor, Windsurf, Copilot, Cline, Zed — any MCP-compatible editor. | Tool | Description | |---|---| resolve secret | Resolve a secret at runtime value hidden from transcript | store secret | Encrypt and store a secret | list secrets | List secret names values never revealed | sandbox env | Replace .env values with deterministic fakes | unsandbox env | Restore real .env values from vault | delete secret | Delete a secret | Keyblind supports multiple secret backends: keyblind backends List available backends keyblind backend 1password Switch to 1Password keyblind backend bitwarden Switch to Bitwarden | Backend | Read | Write | Requires | |---|---|---|---| local default | ✓ | ✓ | Nothing | 1password | ✓ | ✓ | op CLI | bitwarden | ✓ | — | bw CLI | env | ✓ | — | Nothing | | Keyblind | Cloak | | |---|---|---| Protocol | MCP all editors | VS Code extension only | Storage | AES-256-GCM SQLite | AES-256-GCM file | Backends | Local, 1Password, Bitwarden, Env | Local only | Sandbox | Deterministic HMAC fakes | AES-256-GCM encrypted | Touch ID | ✓ macOS biometric gate | ✓ | CI/CD | keyblind run for env injection | — | Network | Zero fully local | Zero | License | MIT | Proprietary | AES-256-GCM encryption with PBKDF2 key derivation 600K iterations Machine-identity-bound key — encryption key XOR-wrapped with machine fingerprint Zero network, zero telemetry — no cloud, no accounts, no analytics Vault stored at with ~/.keyblind/ 0700 permissions Deterministic sandbox fakes using HMAC-SHA256 per project + key name keyblind init Initialize the encrypted vault keyblind set